OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
at certain code points in the application server program to actuate the recording of
audit events. Other APIs can be used to create tools that examine and analyze the
audit event records.
• audit daemon
The audit daemon provides the following services:
— Maintains the filters and the central audit trail file.
— Exports an RPC interface with which it can be controlled by the DCE control
program (dcecp).
• DCE control program
The DCE Audit Service’s management interface to the audit daemon. As an
administrator, you can use it to specify how the audit daemon will filter the recording
of audit events.
42.3 DCE Audit Service Concepts
This section describes some of the concepts that are relevant to the administration of the
DCE Audit Service.
42.3.1 Audit Clients
All RPC-based servers are potential audit clients; DCE servers and user-written
application servers. The DCE Security Service and the Distributed Time Service are
auditable. That is, code points (discussed in the next section) are already in place in
these services.
The audit daemon can also audit itself.
Audit clients should have the log permission to the audit daemon object to be able to use
the central audit trail file. Permissions to the audit daemon are discussed in Chapter 43.
42.3.2 CodePoints
A code point is a location in the application server program where DCE audit APIs are
used. Code points generally correspond to operations or functions offered by the
application server that requires audit. For example, if a bank server offers the cash
withdrawal function acct_withdraw(), this function may be deemed to be an auditable
event and be designated as a code point.
Code points are already in place in the DCE Security Service, Distributed Time Service,
and Audit Service code. Code points and their associated events for the DCE Security
42 − 2 Tandem Computers Incorporated 124243